Is Cyber Insurance Worth It?

One of the most valuable assets in most modern organizations is the data it collects or generates. This data can range from personally identifiable information (PII) to intellectual property to client information. Some data must be protected by law (PII) and the value of other data can reflect the resources or research required to develop it, or the strategic advantage it offers. A data breach can have a substantial fiscal impact. According to the University of Maryland there is a cyber-attack every 39 seconds. It is easy to see how, if measures are not taken, a breach could end a business. The goal of this project is to explore the realm of cyber insurance. It is a topic that at first glance might seem straight forward, as many of us are used to the concept of insurance (life, car, health, etc.). However, unlike many of these examples, the idea of “data” is a lot harder to quantitate and qualify. This is an important concept, because we are entering a world where you are more likely to have someone attempt to hack you each day than not. Obviously, every cyber insurance company is going to claim that buying cyber insurance is worth it, as that is their business model. It is very difficult to argue that the coverage provided by these plans are unnecessary or a waste of money, however is the average cost of a plan equivalent to the cost of an incident? Is five years’ worth of insurance more costly than a company bearing the full cost of an incident? This project covers all the variables that go into this decision and will give its reader the tools to make an educated choice.